Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

Useful Custom Report for Centrify Privilege Service Local Account Status

11 April,19 at 11:50 AM

Let's get started.  

 

Here's what you will need.

 

1 - A Deployment of Centrify Privilege Service (CPS) On Premise or via our SaaS offering.

2 - A Login account with at a minimum a role with administrative rights for Report Management.

3 - Permissions to view all accounts and systems in CPS.  

4 - 30 minutes or less

 

Setup

 First let's go through some setup steps,  this assumes you already have an instance of CPS available to you.

Login as a user with System Administrator privileges.   Go to Admin Portal -->  Roles and then click the "Add Role" button.  Name the role "CPS Administrator"  for example.   Then go to  Administrative Rights and click the "Add" button to add the "Report Management" administrative right. 

 

Screen Shot 2017-06-29 at 2.33.11 PM.png

Next Go to Members and specify the user that you would like to have this Role.   Make sure and click the "Save" button.

 

After setting up the role,  we will assign permissisons to the role in CPS.  In my example today, I am going to  grant my role access to view all systems and accounts so that they can report on all systems and acccounts in CPS,  however, you can make more granular grants of permissions  if you'd like.

 

So,  while still logged in as a user with the role of System Administrator,  please go to the Settings for the Privilege Service or Infrastructure and choose Account Permissions.  Click the "Add" button and choose your new role CPS Audit Reporting.  Make sure the View box is checked. Click the "Save" button.

Screen Shot 2017-06-29 at 2.51.14 PM.png

 

 

After this,  go to the Systems Permissions  and again click the "Add" button and then select the new role "CPS Audit Reporting" and make sure and click the "View" box and click the "Save" button.

 

Screen Shot 2017-06-29 at 2.53.08 PM.png

 Report Creation

 

Now that all the basics have been setup.  Let's go do the actual reporting.  In Admin Portal choose "Reports".  Then go to My Reports and click the "New Report" button.  Specify the name as "Account Status" then select Script Editor and add this line -

 

SELECT Server.Name as 'Name', Server.FQDN as 'DNS Name/IP Address', VaultAccount.User as 'Account', VaultAccount.Healthy as 'Status', VaultAccount.DueBack as 'due date', VaultAccount.PasswordResetLastError as 'Error', VaultAccount.ID as _AccountID, VaultAccount.MissingPassword as _MissingPassword, VaultAccount.Host as _AccountHost, VaultAccount.User as _AccountUser FROM VaultAccount JOIN Server ON VaultAccount.Host = Server.ID AND VaultAccount.Host IS NOT NULL ORDER BY Server.Name

 

As always - click the "Save" button.

Screen Shot 2017-06-30 at 12.59.21 PM.png

 

 Go back into script editor  by selecting the report and then choosing modify from the actions pull down menu.

Screen Shot 2017-06-30 at 1.01.09 PM.png

 

 Look to the far right and note the data dictionary,  here is how you can pick additional attributes for your report.

 

Screen Shot 2017-06-30 at 1.00.11 PM.png

 

 

Finally let's run the report.  Go to Admin Portal--> Reports--> My Reports and select your new "Account Status" report just by clicking on it,  the report will execute and you can view it in your browser.  If you would like to export it or email it those are options from the Actions pull down menu.

 

Screen Shot 2017-06-30 at 1.06.49 PM.png

 

 

In summary,  we have setup an Audit User with a role that can view the resources and accounts,  as well as run reports.  Then we created a custom report for Local Account Status and also showed how reports may be modified using the data dictionary.  Finally we ran the report.

 

 

 

 

 

 

 

 

 

 

 

 

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.